Sourcefire VRT Update
Date: 2006-07-06
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules: 7003 - WEB-CLIENT ADODB.Recordset ActiveX function call access (web-client.rules) 7004 - WEB-CLIENT Internet.HHCtrl.1 ActiveX function call access (web-client.rules) 7005 - WEB-CLIENT OutlookExpress.AddressBook ActiveX function call access (web-client.rules) 7006 - WEB-CLIENT ASControls.InstallEngineCtl ActiveX function call access (web-client.rules) 7007 - WEB-CLIENT AxDebugger.Document.1 ActiveX function call access (web-client.rules) 7008 - WEB-CLIENT DirectAnimation.DAUserData ActiveX function call access (web-client.rules) 7009 - WEB-CLIENT DirectAnimation.StructuredGraphicsControl ActiveX function call access (web-client.rules) 7010 - WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper.1 ActiveX function call access (web-client.rules) 7011 - WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper ActiveX function call access (web-client.rules) 7012 - WEB-CLIENT Internet.PopupMenu.1 ActiveX function call access (web-client.rules) 7013 - WEB-CLIENT Microsoft.ISCatAdm ActiveX function call access (web-client.rules) 7014 - WEB-CLIENT NMSA.ASFSourceMediaDescription.1 ActiveX function call access (web-client.rules) 7015 - WEB-CLIENT NMSA.MediaDescription ActiveX function call access (web-client.rules) 7016 - WEB-CLIENT Object.Microsoft.DXTFilter ActiveX function call access (web-client.rules) 7017 - WEB-CLIENT RDS.DataControl ActiveX function call access (web-client.rules) 7018 - WEB-CLIENT Sysmon ActiveX function call access (web-client.rules) Updated rules: 580 - RPC portmap nisd request UDP (rpc.rules) 824 - WEB-CGI php.cgi access (web-cgi.rules) 1951 - RPC mountd TCP mount request (rpc.rules)
